Validate Helm Chart #1
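# Validates the Helm charts under charts/: scores the rendered manifests with
# kube-score, lints them with chart-testing and, when a chart changed,
# installs it into a throwaway kind cluster.
name: Validate Helm Chart

# Runs for pull requests against master and for pushes, in both cases only
# when chart files or this workflow change. Docs, markdown files and the two
# gha-runner-scale-set charts are excluded. Can also be started manually.
on:
  pull_request:
    branches:
      - master
    paths:
      - 'charts/**'
      - '.github/workflows/arc-validate-chart.yaml'
      - '!charts/actions-runner-controller/docs/**'
      - '!**.md'
      - '!charts/gha-runner-scale-set-controller/**'
      - '!charts/gha-runner-scale-set/**'
  push:
    paths:
      - 'charts/**'
      - '.github/workflows/arc-validate-chart.yaml'
      - '!charts/actions-runner-controller/docs/**'
      - '!**.md'
      - '!charts/gha-runner-scale-set-controller/**'
      - '!charts/gha-runner-scale-set/**'
  workflow_dispatch:

# Tool versions are quoted so they can never be re-typed as numbers.
env:
  KUBE_SCORE_VERSION: '1.10.0'
  HELM_VERSION: 'v3.8.0'

# Least privilege: no step below writes to the repository.
permissions:
  contents: read

concurrency:
  # This will make sure we only apply the concurrency limits on pull requests
  # but not pushes to master branch by making the concurrency group name unique
  # for pushes
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  validate-chart:
    name: Lint Chart
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): referenced by mutable tag; setup-helm below is pinned
        # to a commit SHA. Consider pinning this action the same way.
        uses: actions/checkout@v4
        with:
          # Full history is fetched for the later `ct list-changed` step.
          fetch-depth: 0
          # Later steps render and install chart content that may come from a
          # pull request; keep the job token out of .git/config.
          persist-credentials: false

      - name: Set up Helm
        # Using https://github.com/Azure/setup-helm/releases/tag/v4.2
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
        with:
          version: ${{ env.HELM_VERSION }}

      - name: Set up kube-score
        # NOTE(review): the binary is downloaded and made executable without an
        # integrity check. Record the SHA-256 of this release in the workflow
        # and verify it (e.g. `sha256sum --check`) before the chmod.
        # The version is read from the environment instead of being expanded
        # into the script text by the workflow template engine.
        run: |
          wget "https://github.com/zegl/kube-score/releases/download/v${KUBE_SCORE_VERSION}/kube-score_${KUBE_SCORE_VERSION}_linux_amd64" -O kube-score
          chmod 755 kube-score

      - name: Kube-score generated manifests
        # The default `run` shell is `bash -e` without pipefail, so a failing
        # `helm template` would be hidden behind kube-score's exit status.
        # container-security-context is ignored as a whole, while the
        # privileged and read-only-root-filesystem checks are enabled
        # explicitly.
        run: |
          set -o pipefail
          helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score - \
            --ignore-test pod-networkpolicy \
            --ignore-test deployment-has-poddisruptionbudget \
            --ignore-test deployment-has-host-podantiaffinity \
            --ignore-test container-security-context \
            --ignore-test pod-probes \
            --ignore-test container-image-tag \
            --enable-optional-test container-security-context-privileged \
            --enable-optional-test container-security-context-readonlyrootfilesystem

      # python is a requirement for the chart-testing action below (supports yamllint among other tests)
      # NOTE(review): referenced by mutable tag; consider pinning to a commit SHA.
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Set up chart-testing
        # NOTE(review): the page's e-mail obfuscation masked everything from
        # the action name to the version ("helm/[email protected]"). The name
        # is presumably helm/chart-testing-action; REF_MASKED_IN_SOURCE is a
        # placeholder. Restore the real ref from the repository, ideally as a
        # full commit SHA.
        uses: helm/chart-testing-action@REF_MASKED_IN_SOURCE

      - name: Run chart-testing (list-changed)
        id: list-changed
        # Sets the `changed` output to 'true' only when ct reports changed
        # charts; the cluster steps below are gated on it.
        run: |
          changed=$(ct list-changed --config charts/.ci/ct-config.yaml)
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Run chart-testing (lint)
        run: |
          ct lint --config charts/.ci/ct-config.yaml

      - name: Create kind cluster
        # NOTE(review): ref masked by the page in the same way as for
        # chart-testing above. The name is presumably helm/kind-action;
        # REF_MASKED_IN_SOURCE is a placeholder to be replaced with the real
        # ref, ideally a full commit SHA.
        uses: helm/kind-action@REF_MASKED_IN_SOURCE
        if: steps.list-changed.outputs.changed == 'true'

      # We need cert-manager already installed in the cluster because we assume the CRDs exist
      # NOTE(review): no chart version is given, so whatever the jetstack
      # repository currently serves is installed. Consider adding
      # `--version CERT_MANAGER_VERSION_PLACEHOLDER` for reproducible runs.
      - name: Install cert-manager
        if: steps.list-changed.outputs.changed == 'true'
        run: |
          helm repo add jetstack https://charts.jetstack.io --force-update
          helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait

      - name: Run chart-testing (install)
        if: steps.list-changed.outputs.changed == 'true'
        run: |
          ct install --config charts/.ci/ct-config.yaml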